sqlite: 3.28.0 -> 3.31.0 (security, backport) #78321
@GrahamcOfBorg test sqlite
00f2939 to 2c1d08c
Actual security fixes (patches) should be applied instead.
The commit messages do not explicitly mention the CVEs, so pulling out the fixes manually would be a lot of work.
The CVE entries usually link to a commit on the master branch. Then look up the corresponding parts in the 3.28-branch to confirm the changes made it to the 3.28 branch. Checklist:
I will update the PR accordingly.
19.09 is EOL. @FRidh merge as is or close (and mark as insecure)?
We can't backport this update because it would break too much. Marking it as insecure nearly marks the whole of Nixpkgs as unusable, so that's no option either. The only real options we have are creating patches, or leaving it exposed. Given 19.09 is EOL, either of the last two is fine.
Motivation for this change
Backport of #78320, skipping (vulnerable) sqlite 3.30.1